CCMSPUI-645 Initial fix

Signed-off-by: Jamie Briggs <jamie.briggs@digital.justice.gov.uk>
ministryofjustice · Mar 3, 2025 · 4b4e06e · 4b4e06e
1 parent baf4199
commit 4b4e06e
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/data-api/open-api-specification.yml b/data-api/open-api-specification.yml
@@ -1255,6 +1255,13 @@ paths:
             type: 'integer'
             format: 'int64'
             example: '123456789'
+        - name: 'user-id'
+          in: 'query'
+          required: true
+          schema:
+            type: 'integer'
+            format: 'int64'
+          example: '123456789'
         - name: 'provider-id'
           in: 'query'
           required: true

diff --git a/data-service/src/main/java/uk/gov/laa/ccms/data/controller/NotificationsController.java b/data-service/src/main/java/uk/gov/laa/ccms/data/controller/NotificationsController.java
@@ -38,13 +38,14 @@ public class NotificationsController implements NotificationsApi {
    * Retrieves a notification based on the provided notification ID and provider ID.
    *
    * @param notificationId the unique identifier of the notification to retrieve
+   * @param userId the unique identifier of the user assigned to the notification
    * @param providerId the unique identifier of the provider associated with the notification
    * @return a {@code ResponseEntity} containing the retrieved {@code Notification} if found,
    *         or a {@code ResponseEntity} with HTTP status 404 if the notification is not found.
    */
   @Override
-  public ResponseEntity<Notification> getNotification(Long notificationId, Long providerId) {
-    return notificationService.getNotification(notificationId, providerId).map(ResponseEntity::ok)
+  public ResponseEntity<Notification> getNotification(Long notificationId, Long userId, Long providerId) {
+    return notificationService.getNotification(notificationId, userId, providerId).map(ResponseEntity::ok)
         .orElse(ResponseEntity.notFound().build());
   }
 

diff --git a/data-service/src/main/java/uk/gov/laa/ccms/data/repository/NotificationRepository.java b/data-service/src/main/java/uk/gov/laa/ccms/data/repository/NotificationRepository.java
@@ -1,5 +1,6 @@
 package uk.gov.laa.ccms.data.repository;
 
+import java.util.Optional;
 import org.springframework.stereotype.Repository;
 import uk.gov.laa.ccms.data.entity.NotificationInfo;
 
@@ -15,5 +16,5 @@
  */
 @Repository
 public interface NotificationRepository extends ReadOnlyRepository<NotificationInfo, Long> {
-
+  Optional<NotificationInfo> findByNotificationIdAndUserId(Long notificationId, Long userId);
 }
diff --git a/data-service/src/main/java/uk/gov/laa/ccms/data/service/NotificationService.java b/data-service/src/main/java/uk/gov/laa/ccms/data/service/NotificationService.java
@@ -106,15 +106,17 @@ public Optional<Notifications> getNotifications(final long providerId,
    * Retrieves a notification based on its ID and verifies the provider firm's ID.
    *
    * @param notificationId the unique identifier of the notification to retrieve
+   * @param userId the identifier of the user assigned to the notification to retrieve
    * @param providerFirmId the identifier of the provider firm to validate access
    * @return an Optional containing the Notification if found and accessible,
    *     otherwise an empty Optional
    * @throws ResponseStatusException if the provider firm ID does not match,
    *     returning a forbidden status
    */
   public Optional<Notification> getNotification(final long notificationId,
+      final long userId,
       final long providerFirmId) {
-    Optional<NotificationInfo> byId = notificationRepository.findById(notificationId);
+    Optional<NotificationInfo> byId = notificationRepository.findByNotificationIdAndUserId(notificationId, userId);
 
     // Return empty if not found
     if (byId.isEmpty()) {